Diffstat (limited to 'src/conf_mode')
66 files changed, 350 insertions, 27 deletions
diff --git a/src/conf_mode/arp.py b/src/conf_mode/arp.py index fde7dc521..aac07bd80 100755 --- a/src/conf_mode/arp.py +++ b/src/conf_mode/arp.py @@ -25,6 +25,9 @@ from vyos.config import Config from vyos.util import call from vyos import ConfigError +from vyos import airbag +airbag.enable() + arp_cmd = '/usr/sbin/arp' def get_config(): diff --git a/src/conf_mode/bcast_relay.py b/src/conf_mode/bcast_relay.py index a3bc76ef8..5c7294296 100755 --- a/src/conf_mode/bcast_relay.py +++ b/src/conf_mode/bcast_relay.py @@ -25,6 +25,9 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() + config_file = r'/etc/default/udp-broadcast-relay' default_config_data = { diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/dhcp_relay.py index d24a46220..f093a005e 100755 --- a/src/conf_mode/dhcp_relay.py +++ b/src/conf_mode/dhcp_relay.py @@ -23,6 +23,9 @@ from vyos.template import render from vyos.util import call from vyos import ConfigError +from vyos import airbag +airbag.enable() + config_file = r'/run/dhcp-relay/dhcp.conf' default_config_data = { diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py index 1849ece0a..0eaa14c5b 100755 --- a/src/conf_mode/dhcp_server.py +++ b/src/conf_mode/dhcp_server.py @@ -27,6 +27,9 @@ from vyos import ConfigError from vyos.template import render from vyos.util import call, chown +from vyos import airbag +airbag.enable() + config_file = r'/run/dhcp-server/dhcpd.conf' default_config_data = { diff --git a/src/conf_mode/dhcpv6_relay.py b/src/conf_mode/dhcpv6_relay.py index ecc739063..6ef290bf0 100755 --- a/src/conf_mode/dhcpv6_relay.py +++ b/src/conf_mode/dhcpv6_relay.py @@ -24,6 +24,9 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() + config_file = r'/run/dhcp-relay/dhcpv6.conf' default_config_data = { 
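Review bot: `airbag.enable()` is executed as a module-level side effect between the import block and the constants in arp.py, with no comment saying what it installs; the same two lines are added to nearly every other conf_mode script in this commit. A one-line comment above the call would help, for example `# install the airbag exception handler before any configuration code runs`. The handler itself is not visible in this diff, so it is worth confirming what it records when it fires, because several of the scripts that gain it (ipsec-settings.py, system-login.py, snmp.py, interfaces-wireguard.py) hold credentials or keys in their config dictionaries. The blank line after the call is also inconsistent: some files get one and others (firewall_options.py, https.py, igmp_proxy.py) do not.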
diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index 9e24ee591..53c8358a5 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py @@ -26,6 +26,9 @@ from vyos.util import call from vyos.validate import is_subnet_connected, is_ipv6 from vyos import ConfigError +from vyos import airbag +airbag.enable() + config_file = r'/run/dhcp-server/dhcpdv6.conf' default_config_data = { diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index f87c198f7..692ac2456 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -27,6 +27,9 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() + parser = argparse.ArgumentParser() parser.add_argument("--dhclient", action="store_true", help="Started from dhclient-script") diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index 3386324ae..5b1883c03 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py @@ -25,6 +25,9 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() + config_file = r'/run/ddclient/ddclient.conf' # Mapping of service name to service protocol diff --git a/src/conf_mode/firewall_options.py b/src/conf_mode/firewall_options.py index 0b800f48f..71b2a98b3 100755 --- a/src/conf_mode/firewall_options.py +++ b/src/conf_mode/firewall_options.py @@ -23,6 +23,8 @@ from vyos.config import Config from vyos import ConfigError from vyos.util import call +from vyos import airbag +airbag.enable() default_config_data = { 'intf_opts': [], diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index d691e6abd..a9ebab53e 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py 
@@ -29,6 +29,9 @@ from vyos import ConfigError from vyos.util import cmd from vyos.template import render +from vyos import airbag +airbag.enable() + # default values default_sflow_server_port = 6343 default_netflow_server_port = 2055 diff --git a/src/conf_mode/host_name.py b/src/conf_mode/host_name.py index f181a7b35..dbc587d7d 100755 --- a/src/conf_mode/host_name.py +++ b/src/conf_mode/host_name.py @@ -33,6 +33,9 @@ from vyos.config import Config from vyos import ConfigError from vyos.util import cmd, call, run, process_named_running +from vyos import airbag +airbag.enable() + default_config_data = { 'hostname': 'vyos', 'domain_name': '', diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index 3b8a67ef6..b8a084a40 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py @@ -27,6 +27,9 @@ from vyos import ConfigError from vyos.util import cmd from vyos.util import call +from vyos import airbag +airbag.enable() + config_file = '/etc/vyos/http-api.conf' vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode'] diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 718e8375c..7acb629bd 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -27,6 +27,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = '/etc/nginx/sites-available/default' diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py index 9cd7163f0..49aea9b7f 100755 --- a/src/conf_mode/igmp_proxy.py +++ b/src/conf_mode/igmp_proxy.py @@ -25,6 +25,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/etc/igmpproxy.conf' diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/intel_qat.py index cc7d4a915..0b2d318fd 100755 --- a/src/conf_mode/intel_qat.py +++ b/src/conf_mode/intel_qat.py 
@@ -24,6 +24,9 @@ from vyos.config import Config from vyos import ConfigError from vyos.util import popen, run +from vyos import airbag +airbag.enable() + # Define for recovering gl_ipsec_conf = None @@ -56,7 +59,7 @@ def vpn_control(action): def verify(c): # Check if QAT service installed - if not os.path.exists('/etc/init.d/vyos-qat-utilities'): + if not os.path.exists('/etc/init.d/qat_service'): raise ConfigError("Warning: QAT init file not found") if c['qat_conf'] == None: @@ -78,13 +81,13 @@ def apply(c): # Disable QAT service if c['qat_conf'] == None: - run('sudo /etc/init.d/vyos-qat-utilities stop') + run('sudo /etc/init.d/qat_service stop') if c['ipsec_conf']: vpn_control('start') return # Run qat init.d script - run('sudo /etc/init.d/vyos-qat-utilities start') + run('sudo /etc/init.d/qat_service start') if c['ipsec_conf']: # Recovery VPN service vpn_control('start') diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 0c222c485..a16c4e105 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -28,6 +28,9 @@ from vyos.util import call, cmd from vyos.validate import is_member, has_address_configured from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { **interface_default_data, 'arp_mon_intvl': 0, @@ -298,8 +301,11 @@ def apply(bond): if bond['dhcpv6_temporary']: b.dhcp.v6.options['dhcpv6_temporary'] = True - if bond['dhcpv6_pd']: - b.dhcp.v6.options['dhcpv6_pd'] = bond['dhcpv6_pd'] + if bond['dhcpv6_pd_length']: + b.dhcp.v6.options['dhcpv6_pd_length'] = bond['dhcpv6_pd_length'] + + if bond['dhcpv6_pd_interfaces']: + b.dhcp.v6.options['dhcpv6_pd_interfaces'] = bond['dhcpv6_pd_interfaces'] # ignore link state changes b.set_link_detect(bond['disable_link_detect']) diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index 3ff339f0f..1e4fa5816 100755 --- a/src/conf_mode/interfaces-bridge.py 
+++ b/src/conf_mode/interfaces-bridge.py @@ -28,6 +28,9 @@ from vyos.config import Config from vyos.util import cmd, get_bridge_member_config from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { **interface_default_data, 'aging': 300, @@ -321,8 +324,11 @@ def apply(bridge): if bridge['dhcpv6_temporary']: br.dhcp.v6.options['dhcpv6_temporary'] = True - if bridge['dhcpv6_pd']: - br.dhcp.v6.options['dhcpv6_pd'] = br['dhcpv6_pd'] + if bridge['dhcpv6_pd_length']: + br.dhcp.v6.options['dhcpv6_pd_length'] = br['dhcpv6_pd_length'] + + if bridge['dhcpv6_pd_interfaces']: + br.dhcp.v6.options['dhcpv6_pd_interfaces'] = br['dhcpv6_pd_interfaces'] # assign/remove VRF br.set_vrf(bridge['vrf']) diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces-dummy.py index 4a77b0c1a..ec255edd5 100755 --- a/src/conf_mode/interfaces-dummy.py +++ b/src/conf_mode/interfaces-dummy.py @@ -26,6 +26,9 @@ from vyos.config import Config from vyos.validate import is_member from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { 'address': [], 'address_remove': [], diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index f45a77a3e..8d657acba 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -27,6 +27,9 @@ from vyos.validate import is_member from vyos.config import Config from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { **interface_default_data, 'deleted': False, 
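Review bot: In the `apply(bridge)` hunk of interfaces-bridge.py the two new assignments read from `br[...]` while their guards test `bridge[...]`; `br` is the interface object (its `.dhcp` and `.set_vrf()` are used in the same hunk) and the values live in the `bridge` config dict. The removed line had the same mix-up, and the matching ethernet hunk in this commit was corrected to read from `eth`, so this one looks like it was missed. Use `br.dhcp.v6.options['dhcpv6_pd_length'] = bridge['dhcpv6_pd_length']` and `br.dhcp.v6.options['dhcpv6_pd_interfaces'] = bridge['dhcpv6_pd_interfaces']`. As written, a bridge with prefix delegation configured would presumably fail on that subscript during apply; the rest of apply() lies outside the hunk.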
@@ -170,6 +173,10 @@ def verify(eth): f'Interface "{eth["intf"]}" cannot be member of VRF "{eth["vrf"]}" ' f'and "{memberof}" at the same time!')) + if eth['mac'] and eth['is_bond_member']: + print('WARNING: "mac {0}" command will be ignored because {1} is a part of {2}'\ + .format(eth['mac'], eth['intf'], eth['is_bond_member'])) + # use common function to verify VLAN configuration verify_vlan_config(eth) return None @@ -201,8 +208,11 @@ def apply(eth): if eth['dhcpv6_temporary']: e.dhcp.v6.options['dhcpv6_temporary'] = True - if eth['dhcpv6_pd']: - e.dhcp.v6.options['dhcpv6_pd'] = e['dhcpv6_pd'] + if eth['dhcpv6_pd_length']: + e.dhcp.v6.options['dhcpv6_pd_length'] = eth['dhcpv6_pd_length'] + + if eth['dhcpv6_pd_interfaces']: + e.dhcp.v6.options['dhcpv6_pd_interfaces'] = eth['dhcpv6_pd_interfaces'] # ignore link state changes e.set_link_detect(eth['disable_link_detect']) @@ -236,11 +246,12 @@ def apply(eth): e.del_ipv6_eui64_address(addr) # Change interface MAC address - re-set to real hardware address (hw-id) - # if custom mac is removed - if eth['mac']: - e.set_mac(eth['mac']) - elif eth['hw_id']: - e.set_mac(eth['hw_id']) + # if custom mac is removed. Skip if bond member. + if not eth['is_bond_member']: + if eth['mac']: + e.set_mac(eth['mac']) + elif eth['hw_id']: + e.set_mac(eth['hw_id']) # Add IPv6 EUI-based addresses for addr in eth['ipv6_eui64_prefix']: diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces-geneve.py index e4109a221..31f6eb6b5 100755 --- a/src/conf_mode/interfaces-geneve.py +++ b/src/conf_mode/interfaces-geneve.py @@ -25,6 +25,9 @@ from vyos.ifconfig import GeneveIf from vyos.validate import is_member from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { 'address': [], 'deleted': False, diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index cdfc6ea84..4ff0bcb57 100755 --- a/src/conf_mode/interfaces-l2tpv3.py 
+++ b/src/conf_mode/interfaces-l2tpv3.py @@ -26,6 +26,9 @@ from vyos import ConfigError from vyos.util import call from vyos.validate import is_member, is_addr_assigned +from vyos import airbag +airbag.enable() + default_config_data = { 'address': [], 'deleted': False, diff --git a/src/conf_mode/interfaces-loopback.py b/src/conf_mode/interfaces-loopback.py index ddd18ae24..df268cec2 100755 --- a/src/conf_mode/interfaces-loopback.py +++ b/src/conf_mode/interfaces-loopback.py @@ -24,6 +24,9 @@ from vyos.configdict import list_diff from vyos.config import Config from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { 'address': [], 'address_remove': [], diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index 7d6f238f3..a8966148f 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -28,6 +28,9 @@ from vyos.util import call from vyos.validate import is_member from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { 'address': [], 'address_remove': [], diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index ea8e1a7c4..5afcbe7da 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -32,6 +32,9 @@ from vyos.util import call, chown, chmod_600, chmod_755 from vyos.validate import is_addr_assigned, is_member, is_ipv4 from vyos import ConfigError +from vyos import airbag +airbag.enable() + user = 'openvpn' group = 'openvpn' @@ -109,6 +112,7 @@ default_config_data = { 'type': 'tun', 'uid': user, 'gid': group, + 'vrf': '' } @@ -630,6 +634,10 @@ def get_config(): if openvpn['redirect_gateway']: openvpn['redirect_gateway'] += ' ipv6' + # retrieve VRF instance + if conf.exists('vrf'): + openvpn['vrf'] = conf.return_value('vrf') + return openvpn def verify(openvpn): 
@@ -941,6 +949,16 @@ def verify(openvpn): if not openvpn['auth_pass']: raise ConfigError('Password for authentication is missing') + if openvpn['vrf']: + if openvpn['vrf'] not in interfaces(): + raise ConfigError(f'VRF "{openvpn["vrf"]}" does not exist') + + if openvpn['is_bridge_member']: + raise ConfigError(( + f'Interface "{openvpn["intf"]}" cannot be member of VRF ' + f'"{openvpn["vrf"]}" and bridge "{openvpn["is_bridge_member"]}" ' + f'at the same time!')) + return None def generate(openvpn): @@ -1070,6 +1088,11 @@ def apply(openvpn): for addr in openvpn['ipv6_eui64_prefix']: o.add_ipv6_eui64_address(addr) + # assign/remove VRF (ONLY when not a member of a bridge, + # otherwise 'nomaster' removes it from it) + if not openvpn['is_bridge_member']: + o.set_vrf(openvpn['vrf']) + except: pass diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py index 6cde850c9..231672490 100755 --- a/src/conf_mode/interfaces-pppoe.py +++ b/src/conf_mode/interfaces-pppoe.py @@ -21,13 +21,17 @@ from copy import deepcopy from netifaces import interfaces from vyos.config import Config +from vyos.configdict import dhcpv6_pd_default_data from vyos.ifconfig import Interface +from vyos.template import render from vyos.util import chown, chmod_755, call from vyos import ConfigError -from vyos.template import render +from vyos import airbag +airbag.enable() default_config_data = { + **dhcpv6_pd_default_data, 'access_concentrator': '', 'auth_username': '', 'auth_password': '', @@ -36,7 +40,6 @@ default_config_data = { 'deleted': False, 'description': '\0', 'disable': False, - 'dhcpv6_pd': [], 'intf': '', 'idle_timeout': '', 'ipv6_autoconf': False, 
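Review bot: The new `o.set_vrf(openvpn['vrf'])` in the apply() hunk of interfaces-openvpn.py sits directly above the existing `except: pass`, so a failed VRF assignment is swallowed and the commit still reports success with the tunnel left in whatever routing domain it was already in. For a setting that is used to keep traffic separated, that failure should be visible to the operator. The `try:` opens outside the hunk, so the smallest change is to place the `if not openvpn['is_bridge_member']:` / `o.set_vrf(openvpn['vrf'])` pair after the `except` block rather than inside it. The bare `except` also means the `airbag` handler enabled at the top of this file never sees errors raised in this block.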
@@ -137,15 +140,24 @@ def get_config(): if conf.exists('vrf'): pppoe['vrf'] = conf.return_value(['vrf']) - if conf.exists(['dhcpv6-options', 'delegate']): - for interface in conf.list_nodes(['dhcpv6-options', 'delegate']): + if conf.exists(['dhcpv6-options', 'prefix-delegation']): + dhcpv6_pd_path = base_path + [pppoe['intf'], + 'dhcpv6-options', 'prefix-delegation'] + conf.set_level(dhcpv6_pd_path) + + # retriebe DHCPv6-PD prefix helper length as some ISPs only hand out a + # /64 by default (https://phabricator.vyos.net/T2506) + if conf.exists(['length']): + pppoe['dhcpv6_pd_length'] = conf.return_value(['length']) + + for interface in conf.list_nodes(['interface']): + conf.set_level(dhcpv6_pd_path + ['interface', interface]) pd = { 'ifname': interface, 'sla_id': '', 'sla_len': '', 'if_id': '' } - conf.set_level(base_path + [pppoe['intf'], 'dhcpv6-options', 'delegate', interface]) if conf.exists(['sla-id']): pd['sla_id'] = conf.return_value(['sla-id']) @@ -153,10 +165,10 @@ def get_config(): if conf.exists(['sla-len']): pd['sla_len'] = conf.return_value(['sla-len']) - if conf.exists(['interface-id']): - pd['if_id'] = conf.return_value(['interface-id']) + if conf.exists(['address']): + pd['if_id'] = conf.return_value(['address']) - pppoe['dhcpv6_pd'].append(pd) + pppoe['dhcpv6_pd_interfaces'].append(pd) return pppoe @@ -223,7 +235,7 @@ def generate(pppoe): render(script_pppoe_ipv6_up, 'pppoe/ipv6-up.script.tmpl', pppoe, trim_blocks=True, permission=0o755) - if len(pppoe['dhcpv6_pd']) > 0: + if len(pppoe['dhcpv6_pd_interfaces']) > 0: # ipv6.tmpl relies on ifname - this should be made consitent in the # future better then double key-ing the same value pppoe['ifname'] = intf diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 3e036a753..b142688f6 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py 
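Review bot: The comment added in the get_config() hunk of interfaces-pppoe.py misspells "retrieve" (`# retriebe DHCPv6-PD prefix helper length ...`); it should read `# retrieve DHCPv6-PD prefix helper length ...`. In the following hunk `pd['if_id']` is now filled from the `address` node instead of `interface-id`, so the dictionary key and the CLI node no longer share a name; a short comment such as `# CLI node is 'address'; the key stays 'if_id'` would save the next reader a search through the templates. The existing comment in generate() has the same kind of typo ("consitent"), which is outside the changed lines.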
@@ -26,6 +26,9 @@ from vyos.ifconfig import MACVLANIf, Section from vyos.ifconfig_vlan import apply_all_vlans, verify_vlan_config from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { **interface_default_data, 'deleted': False, @@ -171,8 +174,11 @@ def apply(peth): if peth['dhcpv6_temporary']: p.dhcp.v6.options['dhcpv6_temporary'] = True - if peth['dhcpv6_pd']: - p.dhcp.v6.options['dhcpv6_pd'] = peth['dhcpv6_pd'] + if peth['dhcpv6_pd_length']: + p.dhcp.v6.options['dhcpv6_pd_length'] = peth['dhcpv6_pd_length'] + + if peth['dhcpv6_pd_interfaces']: + p.dhcp.v6.options['dhcpv6_pd_interfaces'] = peth['dhcpv6_pd_interfaces'] # ignore link state changes p.set_link_detect(peth['disable_link_detect']) diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index 8e9bb069e..c9964d41c 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -29,6 +29,9 @@ from vyos.validate import is_ipv4, is_ipv6, is_member from vyos import ConfigError from vyos.dicts import FixedDict +from vyos import airbag +airbag.enable() + class ConfigurationState(Config): """ The current API require a dict to be generated by get_config() diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 84fe3dfc8..39db814b4 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -25,6 +25,9 @@ from vyos.ifconfig import VXLANIf, Interface from vyos.validate import is_member from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { 'address': [], 'deleted': False, diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 97dcf626b..ab3e073ae 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py 
@@ -28,6 +28,9 @@ from vyos.util import chown, chmod_750, call from vyos.validate import is_member, is_ipv6 from vyos import ConfigError +from vyos import airbag +airbag.enable() + kdir = r'/config/auth/wireguard' default_config_data = { diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 0fa20c5f4..0162b642c 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -32,6 +32,9 @@ from vyos.util import chown, call from vyos.validate import is_member from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { **interface_default_data, 'cap_ht' : False, @@ -591,8 +594,11 @@ def apply(wifi): if wifi['dhcpv6_temporary']: w.dhcp.v6.options['dhcpv6_temporary'] = True - if wifi['dhcpv6_pd']: - w.dhcp.v6.options['dhcpv6_pd'] = wifi['dhcpv6_pd'] + if wifi['dhcpv6_pd_length']: + w.dhcp.v6.options['dhcpv6_pd_length'] = wifi['dhcpv6_pd_length'] + + if wifi['dhcpv6_pd_interfaces']: + w.dhcp.v6.options['dhcpv6_pd_interfaces'] = wifi['dhcpv6_pd_interfaces'] # ignore link state changes w.set_link_detect(wifi['disable_link_detect']) diff --git a/src/conf_mode/interfaces-wirelessmodem.py b/src/conf_mode/interfaces-wirelessmodem.py index 975e21d9f..a13c70990 100755 --- a/src/conf_mode/interfaces-wirelessmodem.py +++ b/src/conf_mode/interfaces-wirelessmodem.py @@ -27,6 +27,9 @@ from vyos.util import chown, chmod_755, cmd, call from vyos.validate import is_member from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { 'address': [], 'apn': '', diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py index 6282c2cc7..015d1a480 100755 --- a/src/conf_mode/ipsec-settings.py +++ b/src/conf_mode/ipsec-settings.py 
@@ -25,6 +25,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() ra_conn_name = "remote-access" charon_conf_file = "/etc/strongswan.d/charon.conf" diff --git a/src/conf_mode/le_cert.py b/src/conf_mode/le_cert.py index 2db31d3fc..5b965f95f 100755 --- a/src/conf_mode/le_cert.py +++ b/src/conf_mode/le_cert.py @@ -23,6 +23,9 @@ from vyos import ConfigError from vyos.util import cmd from vyos.util import call +from vyos import airbag +airbag.enable() + vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode'] dependencies = [ diff --git a/src/conf_mode/lldp.py b/src/conf_mode/lldp.py index 6446074d8..1b539887a 100755 --- a/src/conf_mode/lldp.py +++ b/src/conf_mode/lldp.py @@ -27,6 +27,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = "/etc/default/lldpd" vyos_config_file = "/etc/lldpd.d/01-vyos.conf" diff --git a/src/conf_mode/mdns_repeater.py b/src/conf_mode/mdns_repeater.py index a652553f7..b43f9bdd8 100755 --- a/src/conf_mode/mdns_repeater.py +++ b/src/conf_mode/mdns_repeater.py @@ -25,6 +25,9 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() + config_file = r'/etc/default/mdns-repeater' default_config_data = { diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index d491395ac..7294314c6 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -28,6 +28,9 @@ from vyos.util import call, cmd from vyos.validate import is_addr_assigned from vyos import ConfigError +from vyos import airbag +airbag.enable() + default_config_data = { 'deleted': False, 'destination': [], diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py index 85f60293d..a66fddc61 100755 --- a/src/conf_mode/ntp.py +++ b/src/conf_mode/ntp.py 
@@ -25,6 +25,9 @@ from vyos.util import call from vyos.template import render from vyos import ConfigError +from vyos import airbag +airbag.enable() + config_file = r'/etc/ntp.conf' default_config_data = { diff --git a/src/conf_mode/protocols_bfd.py b/src/conf_mode/protocols_bfd.py index d6577579e..c8e791c78 100755 --- a/src/conf_mode/protocols_bfd.py +++ b/src/conf_mode/protocols_bfd.py @@ -25,6 +25,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/tmp/bfd.frr' diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py new file mode 100755 index 000000000..3aa76d866 --- /dev/null +++ b/src/conf_mode/protocols_bgp.py 
@@ -0,0 +1,102 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import jmespath + +from copy import deepcopy +from sys import exit + +from vyos.config import Config +from vyos.template import render +from vyos import ConfigError, airbag +airbag.enable() + +config_file = r'/tmp/bgp.frr' + +default_config_data = { + 'as_number': '' +} + +def get_config(): + bgp = deepcopy(default_config_data) + conf = Config() + + # this lives in the "nbgp" tree until we switch over + base = ['protocols', 'nbgp'] + if not conf.exists(base): + return None + + bgp = deepcopy(default_config_data) + # Get full BGP configuration as dictionary - output the configuration for development + # + # vyos@vyos# commit + # [ protocols nbgp 65000 ] + # {'nbgp': {'65000': {'address-family': {'ipv4-unicast': {'aggregate-address': {'1.1.0.0/16': {}, + # '2.2.2.0/24': {}}}, + # 'ipv6-unicast': {'aggregate-address': {'2001:db8::/32': {}}}}, + # 'neighbor': {'192.0.2.1': {'password': 'foo', + # 'remote-as': '100'}}}}} + # + tmp = conf.get_config_dict(base) + + # extract base key from dict as this is our AS number + bgp['as_number'] = jmespath.search('nbgp | keys(@) [0]', tmp) + + # adjust level of dictionary returned by get_config_dict() + # by using jmesgpath and update dictionary + bgp.update(jmespath.search('nbgp.* | [0]', tmp)) + + from pprint import pprint + pprint(bgp) + # 
resulting in e.g. + # vyos@vyos# commit + # [ protocols nbgp 65000 ] + # {'address-family': {'ipv4-unicast': {'aggregate-address': {'1.1.0.0/16': {}, + # '2.2.2.0/24': {}}}, + # 'ipv6-unicast': {'aggregate-address': {'2001:db8::/32': {}}}}, + # 'as_number': '65000', + # 'neighbor': {'192.0.2.1': {'password': 'foo', 'remote-as': '100'}}, + # 'timers': {'holdtime': '5'}} + + return bgp + +def verify(bgp): + # bail out early - looks like removal from running config + if not bgp: + return None + + return None + +def generate(bgp): + # bail out early - looks like removal from running config + if not bgp: + return None + + render(config_file, 'frr/bgp.frr.tmpl', bgp) + return None + +def apply(bgp): + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + exit(1) diff --git a/src/conf_mode/protocols_igmp.py b/src/conf_mode/protocols_igmp.py index 821ccb0fc..6f0e2010f 100755 --- a/src/conf_mode/protocols_igmp.py +++ b/src/conf_mode/protocols_igmp.py @@ -24,6 +24,8 @@ from vyos.config import Config from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/tmp/igmp.frr' diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py index 9b946b43a..15785a801 100755 --- a/src/conf_mode/protocols_mpls.py +++ b/src/conf_mode/protocols_mpls.py @@ -21,6 +21,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/tmp/ldpd.frr' diff --git a/src/conf_mode/protocols_pim.py b/src/conf_mode/protocols_pim.py index 15c4a2b0f..8aa324bac 100755 --- a/src/conf_mode/protocols_pim.py +++ b/src/conf_mode/protocols_pim.py @@ -24,6 +24,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/tmp/pimd.frr' 
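Review bot: `from pprint import pprint` and `pprint(bgp)` in get_config() of the new protocols_bgp.py print the whole BGP dictionary on every commit, and the sample output in the surrounding comment shows that it contains `'neighbor': {'192.0.2.1': {'password': 'foo', ...}}`, so session passwords end up on the terminal and in anything that captures commit output. Remove both lines before this leaves development, or put them behind an explicit debug switch. Separately, `config_file = r'/tmp/bgp.frr'` is a fixed name in a world-writable directory that `render()` writes to; how `render()` opens the file is not visible here, but a path under `/run` as the DHCP scripts in this commit use would take other local users out of the picture. `bgp = deepcopy(default_config_data)` is also assigned twice in get_config(), and the first assignment can go.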
diff --git a/src/conf_mode/protocols_static_multicast.py b/src/conf_mode/protocols_static_multicast.py index ba6324393..eeab26d4d 100755 --- a/src/conf_mode/protocols_static_multicast.py +++ b/src/conf_mode/protocols_static_multicast.py @@ -24,6 +24,8 @@ from vyos.config import Config from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/tmp/static_mcast.frr' diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py index 8bc35bb45..3343d1247 100755 --- a/src/conf_mode/salt-minion.py +++ b/src/conf_mode/salt-minion.py @@ -26,6 +26,9 @@ from vyos.template import render from vyos.util import call, chown from vyos import ConfigError +from vyos import airbag +airbag.enable() + config_file = r'/etc/salt/minion' master_keyfile = r'/opt/vyatta/etc/config/salt/pki/minion/master_sign.pub' diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 84443ade3..b539da98e 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -27,6 +27,9 @@ from vyos.util import call, get_half_cpus from vyos.validate import is_ipv4 from vyos import ConfigError +from vyos import airbag +airbag.enable() + ipoe_conf = '/run/accel-pppd/ipoe.conf' ipoe_chap_secrets = '/run/accel-pppd/ipoe.chap-secrets' diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index e05b0ab2a..e8777dcad 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -27,6 +27,9 @@ from vyos.util import call, get_half_cpus from vyos.validate import is_ipv4 from vyos import ConfigError +from vyos import airbag +airbag.enable() + pppoe_conf = r'/run/accel-pppd/pppoe.conf' pppoe_chap_secrets = r'/run/accel-pppd/pppoe.chap-secrets' diff --git a/src/conf_mode/service_router-advert.py b/src/conf_mode/service_router-advert.py index 620f3eacf..da7019e2c 100755 --- a/src/conf_mode/service_router-advert.py 
+++ b/src/conf_mode/service_router-advert.py @@ -24,6 +24,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/etc/radvd.conf' diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 7530da2dc..2b6140f41 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -28,6 +28,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file_client = r'/etc/snmp/snmp.conf' config_file_daemon = r'/etc/snmp/snmpd.conf' diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index 76fdad8ae..c830497ab 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -22,6 +22,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/etc/ssh/sshd_config' diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py index 8a1ac8411..85f1e3771 100755 --- a/src/conf_mode/system-ip.py +++ b/src/conf_mode/system-ip.py @@ -22,6 +22,8 @@ from vyos.config import Config from vyos import ConfigError from vyos.util import call +from vyos import airbag +airbag.enable() default_config_data = { 'arp_table': 8192, diff --git a/src/conf_mode/system-ipv6.py b/src/conf_mode/system-ipv6.py index 04a063564..3417c609d 100755 --- a/src/conf_mode/system-ipv6.py +++ b/src/conf_mode/system-ipv6.py @@ -23,6 +23,8 @@ from vyos.config import Config from vyos import ConfigError from vyos.util import call +from vyos import airbag +airbag.enable() ipv6_disable_file = '/etc/modprobe.d/vyos_disable_ipv6.conf' diff --git a/src/conf_mode/system-login-banner.py b/src/conf_mode/system-login-banner.py index 5a34a0b06..5c0adc921 100755 --- a/src/conf_mode/system-login-banner.py +++ b/src/conf_mode/system-login-banner.py 
@@ -18,6 +18,9 @@ from sys import exit from vyos.config import Config from vyos import ConfigError +from vyos import airbag +airbag.enable() + motd=""" The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 536c5f70e..5990c3777 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -28,6 +28,9 @@ from vyos.template import render from vyos.util import cmd, call, DEVNULL, chmod_600, chmod_755 from vyos import ConfigError +from vyos import airbag +airbag.enable() + radius_config_file = "/etc/pam_radius_auth.conf" default_config_data = { diff --git a/src/conf_mode/system-options.py b/src/conf_mode/system-options.py index b3dbc82fb..8de3b6fa2 100755 --- a/src/conf_mode/system-options.py +++ b/src/conf_mode/system-options.py @@ -22,6 +22,9 @@ from vyos.config import Config from vyos import ConfigError from vyos.util import run +from vyos import airbag +airbag.enable() + systemd_ctrl_alt_del = '/lib/systemd/system/ctrl-alt-del.target' default_config_data = { diff --git a/src/conf_mode/system-proxy.py b/src/conf_mode/system-proxy.py index cf72a1f96..02536c2ab 100755 --- a/src/conf_mode/system-proxy.py +++ b/src/conf_mode/system-proxy.py @@ -23,6 +23,9 @@ import re from vyos import ConfigError from vyos.config import Config +from vyos import airbag +airbag.enable() + proxy_def = r'/etc/profile.d/vyos-system-proxy.sh' diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index 9da3d9157..8b20e1135 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py @@ -24,6 +24,8 @@ from vyos import ConfigError from vyos.util import run from vyos.template import render +from vyos import airbag +airbag.enable() def get_config(): c = Config() 
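Review bot: The system-login.py hunk enables the crash handler in a script whose context lines show it handling `/etc/pam_radius_auth.conf` and importing `chmod_600`, so it presumably works with RADIUS shared secrets. The handler's output is not shown in this diff. If it writes exception text or tracebacks to the terminal or a log, a secret embedded in an exception message or a rendered command line would land somewhere less restricted than the config file itself. This is worth confirming before merge and recording next to the call, e.g. `# airbag reports must not contain config values such as RADIUS keys`. The same consideration applies to the hunks for service_ipoe-server.py, service_pppoe-server.py, vpn_l2tp.py, vpn_pptp.py and vpn_sstp.py, whose context lines reference `*.chap-secrets` files.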
diff --git a/src/conf_mode/system-timezone.py b/src/conf_mode/system-timezone.py index 25b949a79..0f4513122 100755 --- a/src/conf_mode/system-timezone.py +++ b/src/conf_mode/system-timezone.py @@ -22,6 +22,8 @@ from vyos.config import Config from vyos import ConfigError from vyos.util import call +from vyos import airbag +airbag.enable() default_config_data = { 'name': 'UTC' diff --git a/src/conf_mode/system-wifi-regdom.py b/src/conf_mode/system-wifi-regdom.py index b222df0a9..30ea89098 100755 --- a/src/conf_mode/system-wifi-regdom.py +++ b/src/conf_mode/system-wifi-regdom.py @@ -23,6 +23,8 @@ from vyos.config import Config from vyos import ConfigError from vyos.template import render +from vyos import airbag +airbag.enable() config_80211_file='/etc/modprobe.d/cfg80211.conf' config_crda_file='/etc/default/crda' diff --git a/src/conf_mode/task_scheduler.py b/src/conf_mode/task_scheduler.py index b171e9576..51d8684cb 100755 --- a/src/conf_mode/task_scheduler.py +++ b/src/conf_mode/task_scheduler.py @@ -23,6 +23,8 @@ import sys from vyos.config import Config from vyos import ConfigError +from vyos import airbag +airbag.enable() crontab_file = "/etc/cron.d/vyos-crontab" diff --git a/src/conf_mode/tftp_server.py b/src/conf_mode/tftp_server.py index 94c8bcf03..d31851bef 100755 --- a/src/conf_mode/tftp_server.py +++ b/src/conf_mode/tftp_server.py @@ -28,6 +28,8 @@ from vyos import ConfigError from vyos.util import call from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/etc/default/tftpd' diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index f312f2a17..febe8c3b7 100755 --- a/src/conf_mode/vpn_l2tp.py +++ b/src/conf_mode/vpn_l2tp.py @@ -30,6 +30,8 @@ from vyos.validate import is_ipv4 from vyos import ConfigError from vyos.template import render +from vyos import airbag +airbag.enable() l2tp_conf = '/run/accel-pppd/l2tp.conf' l2tp_chap_secrets = '/run/accel-pppd/l2tp.chap-secrets' 
diff --git a/src/conf_mode/vpn_pptp.py b/src/conf_mode/vpn_pptp.py index 085c9c2c6..5c8b53e1d 100755 --- a/src/conf_mode/vpn_pptp.py +++ b/src/conf_mode/vpn_pptp.py @@ -26,6 +26,9 @@ from vyos.template import render from vyos.util import call, get_half_cpus from vyos import ConfigError +from vyos import airbag +airbag.enable() + pptp_conf = '/run/accel-pppd/pptp.conf' pptp_chap_secrets = '/run/accel-pppd/pptp.chap-secrets' diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 7c3e3f515..e080ce0dd 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -27,6 +27,9 @@ from vyos.util import call, run, get_half_cpus from vyos.validate import is_ipv4 from vyos import ConfigError +from vyos import airbag +airbag.enable() + sstp_conf = '/run/accel-pppd/sstp.conf' sstp_chap_secrets = '/run/accel-pppd/sstp.chap-secrets' diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index eb73293a9..e8f523e36 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -27,6 +27,8 @@ from vyos.util import read_file, cmd from vyos import ConfigError from vyos.template import render +from vyos import airbag +airbag.enable() config_file = r'/etc/iproute2/rt_tables.d/vyos-vrf.conf' diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py index 1a5ad1f8c..292eb0c78 100755 --- a/src/conf_mode/vrrp.py +++ b/src/conf_mode/vrrp.py @@ -29,6 +29,8 @@ from vyos.template import render from vyos.ifconfig.vrrp import VRRP +from vyos import airbag +airbag.enable() def get_config(): vrrp_groups = [] diff --git a/src/conf_mode/vyos_cert.py b/src/conf_mode/vyos_cert.py index 8b8953cb7..fb4644d5a 100755 --- a/src/conf_mode/vyos_cert.py +++ b/src/conf_mode/vyos_cert.py @@ -27,6 +27,9 @@ from vyos.config import Config from vyos import ConfigError from vyos.util import cmd +from vyos import airbag +airbag.enable() + vyos_conf_scripts_dir = vyos.defaults.directories['conf_mode'] # XXX: this model will need to be extended for tag nodes |